CrowdStrike recently published its 2025 Global Threat Report, which among other conclusions, emphasized that social engineering tactics aimed to steal credentials grew an astounding 442% in the second half of 2024. Correspondingly, use of stolen credentials to attack systems increased.

Other observations in the report include:

The details behind these conclusions include that the time an adversary starts moving through a network “reached an all-time low in the past year. The average fell to 48 minutes, and the fastest breakout time we observed dropped to a mere 51 seconds.” This means that threat actors are breaking in and swiftly moving within the system, making it difficult to detect, block, and tackle.

Vishing “saw explosive growth—up 442% between the first and second half of 2024.”

CrowdStrike’s observations are instructive to plan and harden defenses against these risks. Crucial pieces of the defense are:

Although we have been repeatedly educating employees on these themes, the statistics and real life experiences show that the message is not getting through. Addressing these specific risks through your training program may help ebb the tide of these successful social engineering campaigns.

Leave a Reply

Your email address will not be published. Required fields are marked *